Starting a new project in GHIDRA. Setting RAM segment and analyzing. SH7055 Denso ECU
- Published 11 Feb 2024
- My website, More videos! www.ghidrauto.com/
A viewer requested that I show how to start a new project in Ghidra. So here it is!! Denso SH7055.
www.romraider.com/forum/viewt...
www.romraider.com/forum/viewt...
www.renesas.com/us/en/documen...
Check out this link for GHIDRA and IDA helpers. This GitHub is where to find the SHxxxx script to automatically set up the RAM and IO segments.
github.com/fenugrec/nissutils
- Autos and Vehicles
Cool, I don't need to do a ghidra video!
One reason to set up RAM and IO segments separately is that you want IO to be set 'volatile', in particular if you're looking at low-level periph access. Otherwise the decompiler will 'optimize' out some reads/writes that it thinks are redundant.
To get Ghidra to name the first loaded segment properly (by default it takes 'ram', even if you change it later, as you've shown), you need to do this from the 'select language' dialog, and Options button.
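The separate RAM and IO blocks described in the comment above can also be created from a Ghidra script. This is an added example, not code from the video or from nissutils; the class name, block names and prompts are illustrative, and the address ranges are typed in by the user from the MCU hardware manual.

```java
// Added example (not from the video or nissutils): create RAM and IO blocks
// separately and mark only the IO block volatile. Names and prompts are
// illustrative; take the address ranges from the MCU hardware manual.
import ghidra.app.script.GhidraScript;
import ghidra.program.model.address.Address;
import ghidra.program.model.mem.Memory;
import ghidra.program.model.mem.MemoryBlock;

public class CreateRamAndIoBlocks extends GhidraScript {

    @Override
    public void run() throws Exception {
        // On-chip RAM: ordinary memory, the decompiler may fold repeated accesses.
        defineBlock("RAM", false);
        // Peripheral registers: volatile, so every read and write stays visible.
        defineBlock("IO", true);
    }

    private void defineBlock(String name, boolean isVolatile) throws Exception {
        Address start = askAddress(name + " block", "Start address of " + name + ":");
        long length = askLong(name + " block", "Length of " + name + " in bytes:");
        if (length <= 0) {
            println(name + ": length must be positive, skipped");
            return;
        }
        Address end = start.addNoWrap(length - 1); // throws if the range wraps

        Memory mem = currentProgram.getMemory();
        boolean overlaps = false;
        for (MemoryBlock b : mem.getBlocks()) {
            // Report any existing block the requested range would collide with.
            if (b.getStart().compareTo(end) <= 0 && b.getEnd().compareTo(start) >= 0) {
                println(name + ": overlaps '" + b.getName() + "' " + b.getStart() + "-"
                        + b.getEnd() + " (volatile=" + b.isVolatile() + "), skipped");
                overlaps = true;
            }
        }
        if (overlaps) {
            return;
        }

        MemoryBlock block = mem.createUninitializedBlock(name, start, length, false);
        block.setRead(true);
        block.setWrite(true);
        block.setExecute(false);
        block.setVolatile(isVolatile);
        println(name + ": " + start + "-" + end + " created, volatile=" + isVolatile);
    }
}
```

Re-run decompilation on functions that touch the IO range after the flag is set, since the volatile attribute changes how their reads and writes are shown.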
Hey man! I know your handle... GitHub nussitiles (forgive spelling) and RomRaider, correct!? I gained some critical information from you that gave me my first step into this journey.
The other night I found all of my SAE and manufacturer-specific PIDs. Do you guys OS-patch the ECUs supported by RomRaider to mode 23 datalog? (RAM dump)
I need to datalog some parameters that I found in the ECU. The parameters are brought into “PID function” (based on the architecture of the rest of the PIDs, these clearly were designed for this), however they are not called out by either SAE or manufacturer-specific PIDs. If I can figure out how to mod 23 I’ll do that, otherwise I’ll redirect some PIDs to call these functions (parameters) I want to see rather than some of the lesser-used ones available.
Hey, if you ever want to reach out, feel free to: ghidrauto@gmail.com. Suggestions, questions, interest in project files, etc.
And I should add: okay, that makes sense about volatility. Thank you for dropping the knowledge.
@@GHIDRAuto nissutils, yes, the repo you linked in the description. We don't need to patch ROMs for logging because this family of denso ECUs have mfg-specific requests (0xAC) that let you log pretty much anything, fairly efficiently. I think it's implemented in romraider, not sure.
Looks like I am going to have to go down this rabbit hole. And when you say “this family denso”, is “this family” referring to Denso ECUs with our SH7055, 58, and 59 ECUs (mine included)? Or your Denso ECUs in the Mazdas and Subies?
@@GHIDRAuto "this family" = nissan, infiniti, renault, but not subaru. Even though these are also SH705x, the firmware is different. Not familiar with mazda, honda or others
love your videos, working myself on an edc16
Right on
Didn’t realize SuperH was used in automotive ECUs. Thanks!
Something tells me you need to start a YT channel so I can learn from you! What do you usually see it in?
Japanese vehicles, it seems. A lot of Mitsubishi and Denso ECUs like to disassemble with SH2E.
Thanks for this, I am writing my thesis about reversing TriCore 3xx.
Please, please, please!! Send me a link. I really want to start working on my TriCore file!
Thanks, dude, for quite a good guide. You would want to use nissutils for allocation of memory blocks.
Yes, nissutils for memory allocation.
Perfect. Thanks!
Get to know your 2D and 3D structures. Ghidra likes to turn them into “labs”. And it foobars your functions that reference them. You’ll notice something fishy.
Thanks !
No problem!
Hello! Do you also have information about a SH72531 from a KTM dirtbike? I'm really interested in finding maps. Thanks so much! Severin
Send me the binary file: ghidrauto@gmail.com. Do you have any maps detected yet?
Hello, I have a question. I'm very new to Ghidra; your videos introduced me to it.
I wonder if it would be possible to safely change a table axis inside the ECU? I would want to change an axis to use this to my advantage. I want to change throttle position into engine speed / RPM, in an EDC16 ECU file.
Hey, definitely something that can be done! Different ecus will have different levels of difficulty, but in the denso sh language ecus, it is exceptionally easy to
Is there any way I can get in touch with you? I really want to learn more about reverse engineering and Ghidra for auto.
ghidrauto@gmail.com.
@@GHIDRAuto thank you, I just sent you an email
Did you know how to find maps starting from dtc?
You are asking what the first map I ever found was? If so, driver's wish. Second was SOI MAIN. Then max IQ x ECT. Then I found a mappack that I purchased. It had many mislabeled maps. So that is when I started learning Ghidra. Through that process, someone confirmed my assumption about DTC maps, and then I used the DTC hex map to find sensor scalers and calibrations.
@@GHIDRAuto how many maps do you have now in your mappack?
Hundreds. All IQ maps. All rail pressure maps. All boost maps. Sensor calibration maps. SOI maps. Injection correction maps. Too many to list. Torque maps are only used to reference in this calibration.